author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-16 13:12:50 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-19 14:18:54 +0200 |
commit | 8d96e85a8d7c87909674dd0372dd8c8d481f38b1 (patch) | |
tree | 7ee319ddeb2e2c29b301ceb1b075fb0b467346da | |
parent | 568418fbc9c2529874e17a3f151d099a8e9fc717 (diff) | |
download | gnutls-8d96e85a8d7c87909674dd0372dd8c8d481f38b1.tar.gz |
Increased the maximum size allowed for handshake messages to 128kb
This would allow the library to cope with larger packets, as well
as TLS 1.3 hellos. Suggested by Hubert Kario.
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/handshake.c | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8eb555361f..3b8d6299f9 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -105,7 +105,7 @@ typedef struct {
 /* The size of a handshake message should not
 * be larger than this value.
 */
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 128*1024

 /* The maximum digest size of hash algorithms.
 */
diff --git a/lib/handshake.c b/lib/handshake.c
index 9a8c9acc3f..e9751ef9d5 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -3392,11 +3392,14 @@ _gnutls_recv_hello_request(gnutls_session_t session, void *data,
 * This function will set the maximum size of all handshake messages.
 * Handshakes over this size are rejected with
 * %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is
- * 48kb which is typically large enough. Set this to 0 if you do not
+ * 128kb which is typically large enough. Set this to 0 if you do not
 * want to set an upper limit.
 *
 * The reason for restricting the handshake message sizes are to
 * limit Denial of Service attacks.
+ *
+ * Note that the maximum handshake size was increased to 128kb
+ * from 48kb in GnuTLS 3.5.5.
 **/
 void
 gnutls_handshake_set_max_packet_length(gnutls_session_t session, |
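Review bot: In the lib/gnutls_int.h hunk, the new `#define MAX_HANDSHAKE_PACKET_SIZE 128*1024` leaves the expansion unparenthesized, so an expression like `len % MAX_HANDSHAKE_PACKET_SIZE` would parse as `(len % 128) * 1024`. Writing it as `#define MAX_HANDSHAKE_PACKET_SIZE (128*1024)` removes that hazard. The handshake.c comment in this commit describes this limit as a denial-of-service control, so the comment above the define could say that too, for example `/* Default cap on handshake message size; bounds what a peer can make us accept. */`. The uses of the macro are outside the hunk, so whether any current expression is affected cannot be confirmed from here.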
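Review bot: In the lib/handshake.c hunk, the added note on gnutls_handshake_set_max_packet_length() records the new default but does not say how to keep the previous one. Deployments that sized their per-connection budgets around 48kb would be helped by a sentence such as ` * Applications that need the previous limit can call this function with 48*1024.` The surrounding text also offers 0 as "no upper limit" just before explaining the DoS purpose, so a short caution belongs there, for example ` * Setting 0 removes this protection; only do so for trusted peers.` The function body lies outside the hunk, so this is based on the comment alone.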